* SECURITY UPDATE: Possible arbitrary code execution on clients
through malicious bzr+ssh URLs
- debian/patches/24_ssh_hostnames-lp1710979: ensure that host
arguments to ssh cannot be treated as ssh options.
- LP: #1710979
-- Steve Beattie <email address hidden> Mon, 28 Aug 2017 22:04:57 -0700
This bug was fixed in the package bzr - 2.7.0-2ubuntu3.1
---------------
bzr (2.7.0-2ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: Possible arbitrary code execution on clients patches/ 24_ssh_ hostnames- lp1710979: ensure that host
through malicious bzr+ssh URLs
- debian/
arguments to ssh cannot be treated as ssh options.
- LP: #1710979
-- Steve Beattie <email address hidden> Mon, 28 Aug 2017 22:04:57 -0700